fix: enforce canonical codec idioms throughout; upgrade signer_key_id to full sha256: fingerprint
- Replace all inline 'sha256:' + hashlib.sha256(...).hexdigest() with blob_id() - Replace all public key fingerprinting with public_key_fingerprint() from _types - Remove 16-char truncated signer_key_id form entirely — was 64-bit collision space - signer_key_id is now the full sha256:<64-hex> canonical fingerprint everywhere - snapshot.py: removeprefix('sha256:') → split_id()[1] in compute_snapshot_id and compute_commit_id - migrate.py: _normalise_key_id() upgrades old 16-char form using stored signer_public_key - transport.py: inline debug hash → short_id(blob_id(v)) - identity/plugin.py: inline sha256 → blob_id() - provenance.py: sign_commit_record returns public_key_fingerprint(), not hexdigest()[:16] - verify_tag.py: docstring updated to reflect canonical fingerprint format - Tests updated throughout to use _types codec functions; hashlib imports removed where redundant - test_status_json_schema: fixture uses code add . to commit dotfiles → clean=True
0 comments
muse hub commit comment sha256:fbad7b06074f4277af61670185abbe19198d7b5a64a7ac91390277a2ae82d7b3 --body "your comment"
No comments yet. Be the first to start the discussion.